Thursday, February 21, 2013

NXP's silicon fingerprinting promises to annoy the heck out of ID hackers

[![NXP's silicon fingerprinting promises to annoy the heck out of ID hackers](http://www.blogcdn.com/www.engadget.com/media/2013/02/puf-lead.jpg) ](http://www.engadget.com/2013/02/21/nxp-chip-fingerprinting/)

It's 2013 and white hat hackers like [Adam Laurie](http://www.engadget.com/2011/08/05/square-found-to-be-ripe-for-fraud-turned-into-card-skimmer/) are still breaking into ID chips that are supposed to be secure. How come? Partly it's the way of the world, because no man-made [NFC](http://www.engadget.com/tag/nfc) or [RFID](http://www.engadget.com/tag/RFID) security barrier can ever be truly impervious. But in practical terms, a chip's vulnerability often stems from the fact that it can be taken apart and probed at a hacker's leisure. The secure element doesn't necessarily need to have power running through it or to be in the midst of near-field communication in order to yield up its cryptographic key to a clever intruder who has sufficient time and sufficient desire to breach the security of a [smartphone](http://www.engadget.com/2012/05/26/google-wallet-one-year-later/), [bank card](http://www.engadget.com/2012/11/13/bank-of-america-gets-into-card-swiping-with-mobile-pay-on-demand/) or [national border](http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/).

Which brings us to the latest device in [NXP](http://www.engadget.com/tag/nxp/)'s SmartMX2 range -- a piece of technology that is claimed to work very differently and that is expected to hit the market next year. Instead of a traditional key stored in the secure element's memory, every single copy of this chip carries a unique fingerprint within the physical structure of its transistors. This fingerprint (aka Physically Unclonable Function, or PUF) is a byproduct of tiny errors in the fabrication process -- something chip makers usually try to minimize. But NXP has found a way to amplify these flaws in a controlled way and use them for identification, and it'd take a mightily well-equipped criminal (or [fare dodger](http://www.engadget.com/2012/09/23/android-hack-subways/), or [Scrabble cheater](http://www.engadget.com/2012/11/15/scrabble-board-rfid/)) to reverse engineer _that_.

Filed under: [Misc](http://www.engadget.com/category/misc/), [Science](http://www.engadget.com/category/science/), [Mobile](http://www.engadget.com/category/mobile/)

**[Comments](http://www.engadget.com/2013/02/21/nxp-chip-fingerprinting/#comments)**

URL: http://www.engadget.com/2013/02/21/nxp-chip-fingerprinting/

No comments:

Post a Comment